OTOH, if Windows just launches it for you, or prompts you to do it, you're just hosed....
Agreed on the first, but disagreed on the second.
Here's my reasoning. Why are you inserting an unknown flash drive anyway? Probably to figure out what's on it. So if Windows didn't prompt, you're probably going to look around the drive anyway, and probably come across the program that the autoplay window in Vista would prompt you to run. If you say "run this program" in the autoplay window, why wouldn't you say "run this program" when you come across it on the disk?
In fact, I'd say that the situation is exactly the reverse. If I saw some untrusted media try to autorun something, I'd be more suspicious of it than if I just stumbled across the program on the drive when looking through. Furthermore, it's a little more resistant to obfuscation by hiding the.exe extension and stuff, since if it asks you to autorun something, you know it's a program.
(This is written from the point of view of a user who isn't clueless. For someone who is careless or ignorant or whatever, I'll acknowledge that prompting is probably more prone to result in the program getting run. That'd be reason to maybe change the default, but if MS did do that, I'd set it back to Vista's current default.)
That's OK as long as you have safe media players and a solid distinction between "display only" and "contains arbitrary code" filetypes.
I fully agree Windows doesn't make a very good distinction between these, but I view this as an almost entirely orthogonal issue to the autoplay/autorun stuff. I'm not sure how it'd be particularly related.
Computers are good at deciding whether or not you can trust a piece of software? What algorithm would you use for that?
When given media that XP would have autorun, Vista uses the following algorithm:
1. ask the user what he wants to do
2. if the user clicked the "autorun" button (which says what the exe name is, and probably publisher info if it's signed), goto 5
3. don't run the program
4. goto 6
5. run the program
6. end
Yeah, but at that point it's not autoplay that's particularly involved. If you'll click the "play media" button that shows up when the autoplay window opens, I would say you're almost certain to open the WAV file if you were just exploring around the drive to see what was there.
Erm. Isn't the only reason why Windows users need autorun is because their media doesn't appear on their desktop when inserted? It's always hidden somewhere weird like My Computer or something...
For me, that's not the primary benefit. The primary benefit is that I get a window that appears on top of everything that's open. Even if it did put an icon on the desktop, I'd still have to minimize a bunch of crap to get to it.
If Windows would actually join the 1980s and have decent support for virtual desktops that would alleviate a lot of that, but even in KDE or Gnome it's often the case that I have stuff open on all of the desktops and would still have to move things. (On the tiling WM I'm using now, awesome, I've got 32 virtual desktops on each monitor, about 1/3 of which are usually used, so there getting to an open desktop would be pretty easy.)
Further, there are times when you don't want to just open the window to explore the contents; if it's a CD, you might want to autorun the installer on the CD. With Vista's autoplay, that's one click. With it appearing on the desktop, that's two double-clicks. If you plug in a camera, you might have it ask to start your camera program and start downloading images. Again one click with autoplay. With a manual start, that's probably a few clicks away as you start the program yourself and then follow its instructions.
It's not a huge win, but it is a small convenience. And at this point, the difference between different systems are usually just small conveniences for the most part anyway. Linux wins some, Windows wins some, OS X wins some.
This is exactly why a CLI is better than a GUI. With a CLI, you type the command, and the computer goes off and finds the actual executable.
Except that when you want to use a program that you don't use much, or in a new way, you have to preface that by "man whatever" or googling instructions, whereas what you can do in a GUI is largely discoverable during the normal course of your use.
With a GUI, you have to do that manually: Click Start, select All Programs, select Microsoft Office, click on Microsoft Word (as an example).
And that's why Vista's start menu is much better than XP's.
If you're still using XP, there's Launchy. (Actually that might be worthwhile even under Vista.)
Larry: Non-free Audio Fair Use for music constitutes 10% or 30 seconds of a song (which ever is shorter) and it must be in a low enough quality (didn't investigate the audio on this video to find out if it satisfied Ogg quality of 0 rule).
[Citation needed].
It's certainly case law if that's even true, and I'm skeptical that it's a universal rule even if true. The statues place no such requirements, and, in fact, there are many times when using an ENTIRE work would be considered fair use.
Or, just a thought, maybe people could learn a bit about how to use a computer and not have to have it do all the driving. Nothing wrong with learning to open an Explorer window, then navigating to a drive to access something on it. What a concept, actually knowing what's on your media. All this "ease of use" and accessibility crap is just making users dumber and dumber.
As someone who likes autorun, my reaction to this is "yeah, because I like doing work myself that a computer is good at".
I think Vista's "always autoplay, never autorun" (if I got those names right) scheme works really well.
If I insert a CD with autorun files on it or it has an autorun folder, I am prompted that this disc has software on it designed to run automatically, and I am asked what I would like to do about it.
That's what Vista does too... I actually really like that behavior. It's almost as convenient as autoplay is, but without the security risk. (Well, for good users.)
You can write crappy code in any language... managed code just makes it easier to write crappy code that actually works (if slowly). You can write pretty tuned code in a GC'd environment, to the point at which the performance is more-or-less comparable to native code. The difference is that if you screw up memory management in native code, you get a crash, a security hole, or a memory leak, which are all arguably rather worse than a performance bug, while if you screw up in managed code, you get poor performance.
And not that I make a habit of replying to myself, but even the NT system calls are just a wrapper around the low-level interface provided by the graphics card, which are just a wrapper around the DVI or VGA signals that go out on the wire, which are just a wrapper around whatever the monitor actually uses internally, which are just a wrapper...
OO syntax (in C++ almost entirely, in Java mostly, and in Smalltalk or Ruby a little bit) is just a wrapper around dealing with function pointers yourself, which with the rest of C is just a wrapper around assembly language, which is just a wrapper around machine code, which is just a wrapper around the actual architectural blocks of the chip, which are wrappers around gates, which are wrappers around transistors, etc.
Sure, some of these "wrappers" are more complicated than others, some provide more of an abstraction increase than others, but you can't dismiss something just because it's a "wrapper". In.Net's case, even the part that is "just" a wrapper around Win32 is a very useful one.
Microsoft is really giving customers the worst of both worlds. Making only incremental improvements to their mainline OS's while creating a backwards compatible VM which is simply more cruft to throw on top of an ever expanding pile of backwards compatible cruft.
Better to float the "VM as compatibility" boat in the wild before relying on it?
I'm making crap up -- it's probably more MS missightedness -- but it would be a half decent reason. There's all sorts of stuff that can go wrong in the wild that would be next to impossible to foresee, so by limiting the places where it doesn't work to only programs that don't run on Win7 natively they limit the potential damage a little bit. (Of course, problems that surface are more likely to be on critical apps.)
It's true, but IMO whether you define "whackjob" as "out of line with their party", "out of line with politics as a whole", or "out of line with the country as a whole", Paul was rather further out there than the others.
I don't really say "whackjob" too derisively here, though you would be forgiven for thinking so since I disagree with enough of Paul's platform that it would fit. Falling out of the line like that is at least not necessarily a bad thing and can often be a good thing! (Going against the Patriot act or warrantless wiretapping would be "whackjob" by at least a couple of those definitions.)
No one took him seriously, and voted instead for "serious", "non-whackjob", "mainstream" candidates
That's 'cause Ron Paul was a bit of a whackjob. In some ways good, in other ways not (IMO).
If you're actually bitter about him losing, even a little, that's the problem with having complex issues. You can agree on a candidate on a few points, but disagree on the rest (We The People Act, Sanctity of Life Act, net neutrality, etc.).
Even if you get that far, there's the point that you can have "in > out" or "5*in > 5*out". Which is better? Will your policies that you enact actually cause the "5*in" to result in a "5*out"?
But it goes even beyond that. Is it okay to have a short term "out > in" situation with deficit spending to try to spur more development that will get back to "in > out"? Do THOSE policies work?
If he doesn't receive any income from his blog, what reason does he have to need it copyrighted?
In case he later decides that he wants to. You know, like he did.
The purpose of copyright is to protect an author's source of income for a limited amount of time.
That's not the sole purpose of copyright, and I can illustrate that very easily: the GPL. If copyright only served to protect a source of income, then there'd be no reason for the GPL a lot of the time since the BSD license would satisfy the same things.
Copyright's purpose is to advance the "useful arts and sciences" (if I remember the working right). Protecting a source of income is one way to do that. Ensuring that derivative works remain open is another. Encouraging works by making it so someone ELSE can't make money without paying back is another.
(As an illustration on that last one, assume that Raymond Chen never did want to make money, so left his blog uncopyrighted. I still think it's useful to prevent a 3rd party from just coming along and putting together a compilation themself and selling it, retuning nothing to Chen. I can definitely see the possibility of that preventing some people from contributing.)
This idea that everything you say or write or even think should be copyrighted is a huge problem with copyright law.
Well, you're one out of three. (Writing something leads to copyright, but saying (without recording) or thinking doesn't.) Anyway, I would disagree.
-Requiring high altitudes for all planes, military or civilian
I think these are in place. Last time I saw a flight map for a city, there were huge no fly circles around it. I'm not a pilot but I think that's been around for a while.
For civilian pilots, sure. Apparently they are not in place for photo ops.
This wouldn't have saved many lives... if any at all. People would be too scared to jump until absolutely sure the planes are going to hit them.
Still would have potentially saved quite a few lives of people on 9/11 who were above the crash and couldn't get out.
'course, it might have created absolute chaos if everyone were BASE jumping out their window, and with the skydiving skills most people have, probably would have led to more problems then it helped.
Take The Old New Thing, Raymond Chen's blog. He posts one or two posts each weekday. Should he have to register each of these? At $35/post, that's somewhere around $10,000/year. I don't see any ads on his blog, so I'm not sure he gets any income from it except from the book that's a compilation of entries. If he doesn't copyright each entry, can he copyright the whole blog? What does he send the copyright office for the entries he hasn't written?
What about entries to my personal blog? Or posts to/.? Do I leave them uncopyrighted?
I'm not saying that these challenges can't be overcome, but saying that "if you can't afford $35 to register a copyright" leaves a lot of challenges that you need to overcome before it's practical today.
Actually this is a good question... I'm not actually sure if this would work or not.
I can't imagine it would be at all difficult to run sudo in such a way as the user wouldn't see the password prompt. If running sudo once and entering the password saves it for future sessions, then the saved password *could* be available to the script unless it's smart enough to check the process hierarchy or something like that./me goes to try this idea out
Slashdot Mirror
OTOH, if Windows just launches it for you, or prompts you to do it, you're just hosed....
Agreed on the first, but disagreed on the second.
Here's my reasoning. Why are you inserting an unknown flash drive anyway? Probably to figure out what's on it. So if Windows didn't prompt, you're probably going to look around the drive anyway, and probably come across the program that the autoplay window in Vista would prompt you to run. If you say "run this program" in the autoplay window, why wouldn't you say "run this program" when you come across it on the disk?
In fact, I'd say that the situation is exactly the reverse. If I saw some untrusted media try to autorun something, I'd be more suspicious of it than if I just stumbled across the program on the drive when looking through. Furthermore, it's a little more resistant to obfuscation by hiding the .exe extension and stuff, since if it asks you to autorun something, you know it's a program.
(This is written from the point of view of a user who isn't clueless. For someone who is careless or ignorant or whatever, I'll acknowledge that prompting is probably more prone to result in the program getting run. That'd be reason to maybe change the default, but if MS did do that, I'd set it back to Vista's current default.)
That's OK as long as you have safe media players and a solid distinction between "display only" and "contains arbitrary code" filetypes.
I fully agree Windows doesn't make a very good distinction between these, but I view this as an almost entirely orthogonal issue to the autoplay/autorun stuff. I'm not sure how it'd be particularly related.
Computers are good at deciding whether or not you can trust a piece of software? What algorithm would you use for that?
When given media that XP would have autorun, Vista uses the following algorithm:
1. ask the user what he wants to do
2. if the user clicked the "autorun" button (which says what the exe name is, and probably publisher info if it's signed), goto 5
3. don't run the program
4. goto 6
5. run the program
6. end
It works pretty well.
Yeah, but at that point it's not autoplay that's particularly involved. If you'll click the "play media" button that shows up when the autoplay window opens, I would say you're almost certain to open the WAV file if you were just exploring around the drive to see what was there.
Erm. Isn't the only reason why Windows users need autorun is because their media doesn't appear on their desktop when inserted? It's always hidden somewhere weird like My Computer or something...
For me, that's not the primary benefit. The primary benefit is that I get a window that appears on top of everything that's open. Even if it did put an icon on the desktop, I'd still have to minimize a bunch of crap to get to it.
If Windows would actually join the 1980s and have decent support for virtual desktops that would alleviate a lot of that, but even in KDE or Gnome it's often the case that I have stuff open on all of the desktops and would still have to move things. (On the tiling WM I'm using now, awesome, I've got 32 virtual desktops on each monitor, about 1/3 of which are usually used, so there getting to an open desktop would be pretty easy.)
Further, there are times when you don't want to just open the window to explore the contents; if it's a CD, you might want to autorun the installer on the CD. With Vista's autoplay, that's one click. With it appearing on the desktop, that's two double-clicks. If you plug in a camera, you might have it ask to start your camera program and start downloading images. Again one click with autoplay. With a manual start, that's probably a few clicks away as you start the program yourself and then follow its instructions.
It's not a huge win, but it is a small convenience. And at this point, the difference between different systems are usually just small conveniences for the most part anyway. Linux wins some, Windows wins some, OS X wins some.
Computers are HORRIBLE at deciding what is safe to run at what isn't.
That's why Vista's solution, which doesn't run anything from the untrusted media, is a great compromise.
Good thing that (I am pretty sure) wouldn't happen in Vista, or at least less likely, which is exactly what I'm talking about.
This is exactly why a CLI is better than a GUI. With a CLI, you type the command, and the computer goes off and finds the actual executable.
Except that when you want to use a program that you don't use much, or in a new way, you have to preface that by "man whatever" or googling instructions, whereas what you can do in a GUI is largely discoverable during the normal course of your use.
With a GUI, you have to do that manually: Click Start, select All Programs, select Microsoft Office, click on Microsoft Word (as an example).
And that's why Vista's start menu is much better than XP's.
If you're still using XP, there's Launchy. (Actually that might be worthwhile even under Vista.)
Larry: Non-free Audio Fair Use for music constitutes 10% or 30 seconds of a song (which ever is shorter) and it must be in a low enough quality (didn't investigate the audio on this video to find out if it satisfied Ogg quality of 0 rule).
[Citation needed].
It's certainly case law if that's even true, and I'm skeptical that it's a universal rule even if true. The statues place no such requirements, and, in fact, there are many times when using an ENTIRE work would be considered fair use.
Or, just a thought, maybe people could learn a bit about how to use a computer and not have to have it do all the driving. Nothing wrong with learning to open an Explorer window, then navigating to a drive to access something on it. What a concept, actually knowing what's on your media. All this "ease of use" and accessibility crap is just making users dumber and dumber.
As someone who likes autorun, my reaction to this is "yeah, because I like doing work myself that a computer is good at".
I think Vista's "always autoplay, never autorun" (if I got those names right) scheme works really well.
If I insert a CD with autorun files on it or it has an autorun folder, I am prompted that this disc has software on it designed to run automatically, and I am asked what I would like to do about it.
That's what Vista does too... I actually really like that behavior. It's almost as convenient as autoplay is, but without the security risk. (Well, for good users.)
It would be only if the work includes code that you don't have copyright to. If it's your product, this very well may not be the case.
shouldn't they patch the version XP shipped with instead?
They did. The patch is called "IE8".
You can write crappy code in any language... managed code just makes it easier to write crappy code that actually works (if slowly). You can write pretty tuned code in a GC'd environment, to the point at which the performance is more-or-less comparable to native code. The difference is that if you screw up memory management in native code, you get a crash, a security hole, or a memory leak, which are all arguably rather worse than a performance bug, while if you screw up in managed code, you get poor performance.
And not that I make a habit of replying to myself, but even the NT system calls are just a wrapper around the low-level interface provided by the graphics card, which are just a wrapper around the DVI or VGA signals that go out on the wire, which are just a wrapper around whatever the monitor actually uses internally, which are just a wrapper ...
OO syntax (in C++ almost entirely, in Java mostly, and in Smalltalk or Ruby a little bit) is just a wrapper around dealing with function pointers yourself, which with the rest of C is just a wrapper around assembly language, which is just a wrapper around machine code, which is just a wrapper around the actual architectural blocks of the chip, which are wrappers around gates, which are wrappers around transistors, etc.
Sure, some of these "wrappers" are more complicated than others, some provide more of an abstraction increase than others, but you can't dismiss something just because it's a "wrapper". In .Net's case, even the part that is "just" a wrapper around Win32 is a very useful one.
In addition to what the previous poster said:
it is a wrapper on top of the real API, Win32.
Win32 isn't the real API either, it's just a wrapper on top of the real API, the NT System Call interface.
It's closer to the kernel, sure, but you're dismissing .net too quickly.
Microsoft is really giving customers the worst of both worlds. Making only incremental improvements to their mainline OS's while creating a backwards compatible VM which is simply more cruft to throw on top of an ever expanding pile of backwards compatible cruft.
Better to float the "VM as compatibility" boat in the wild before relying on it?
I'm making crap up -- it's probably more MS missightedness -- but it would be a half decent reason. There's all sorts of stuff that can go wrong in the wild that would be next to impossible to foresee, so by limiting the places where it doesn't work to only programs that don't run on Win7 natively they limit the potential damage a little bit. (Of course, problems that surface are more likely to be on critical apps.)
All the candidates were whackjobs to some degree.
It's true, but IMO whether you define "whackjob" as "out of line with their party", "out of line with politics as a whole", or "out of line with the country as a whole", Paul was rather further out there than the others.
I don't really say "whackjob" too derisively here, though you would be forgiven for thinking so since I disagree with enough of Paul's platform that it would fit. Falling out of the line like that is at least not necessarily a bad thing and can often be a good thing! (Going against the Patriot act or warrantless wiretapping would be "whackjob" by at least a couple of those definitions.)
No one took him seriously, and voted instead for "serious", "non-whackjob", "mainstream" candidates
That's 'cause Ron Paul was a bit of a whackjob. In some ways good, in other ways not (IMO).
If you're actually bitter about him losing, even a little, that's the problem with having complex issues. You can agree on a candidate on a few points, but disagree on the rest (We The People Act, Sanctity of Life Act, net neutrality, etc.).
In>out: good. In<out: bad
Even if you get that far, there's the point that you can have "in > out" or "5*in > 5*out". Which is better? Will your policies that you enact actually cause the "5*in" to result in a "5*out"?
But it goes even beyond that. Is it okay to have a short term "out > in" situation with deficit spending to try to spur more development that will get back to "in > out"? Do THOSE policies work?
If he doesn't receive any income from his blog, what reason does he have to need it copyrighted?
In case he later decides that he wants to. You know, like he did.
The purpose of copyright is to protect an author's source of income for a limited amount of time.
That's not the sole purpose of copyright, and I can illustrate that very easily: the GPL. If copyright only served to protect a source of income, then there'd be no reason for the GPL a lot of the time since the BSD license would satisfy the same things.
Copyright's purpose is to advance the "useful arts and sciences" (if I remember the working right). Protecting a source of income is one way to do that. Ensuring that derivative works remain open is another. Encouraging works by making it so someone ELSE can't make money without paying back is another.
(As an illustration on that last one, assume that Raymond Chen never did want to make money, so left his blog uncopyrighted. I still think it's useful to prevent a 3rd party from just coming along and putting together a compilation themself and selling it, retuning nothing to Chen. I can definitely see the possibility of that preventing some people from contributing.)
This idea that everything you say or write or even think should be copyrighted is a huge problem with copyright law.
Well, you're one out of three. (Writing something leads to copyright, but saying (without recording) or thinking doesn't.) Anyway, I would disagree.
-Requiring high altitudes for all planes, military or civilian
I think these are in place. Last time I saw a flight map for a city, there were huge no fly circles around it. I'm not a pilot but I think that's been around for a while.
For civilian pilots, sure. Apparently they are not in place for photo ops.
This wouldn't have saved many lives ... if any at all. People would be too scared to jump until absolutely sure the planes are going to hit them.
Still would have potentially saved quite a few lives of people on 9/11 who were above the crash and couldn't get out.
'course, it might have created absolute chaos if everyone were BASE jumping out their window, and with the skydiving skills most people have, probably would have led to more problems then it helped.
What about things less than a book though?
Take The Old New Thing, Raymond Chen's blog. He posts one or two posts each weekday. Should he have to register each of these? At $35/post, that's somewhere around $10,000/year. I don't see any ads on his blog, so I'm not sure he gets any income from it except from the book that's a compilation of entries. If he doesn't copyright each entry, can he copyright the whole blog? What does he send the copyright office for the entries he hasn't written?
What about entries to my personal blog? Or posts to /.? Do I leave them uncopyrighted?
I'm not saying that these challenges can't be overcome, but saying that "if you can't afford $35 to register a copyright" leaves a lot of challenges that you need to overcome before it's practical today.
Actually this is a good question... I'm not actually sure if this would work or not.
I can't imagine it would be at all difficult to run sudo in such a way as the user wouldn't see the password prompt. If running sudo once and entering the password saves it for future sessions, then the saved password *could* be available to the script unless it's smart enough to check the process hierarchy or something like that. /me goes to try this idea out
Because destroying systems became passe a long time ago, and botnets are now very profitable?
(And if you want to run a good botnet, it needs to go undetected -- aka, be a rootkit.)